this post was submitted on 13 May 2024
11 points (92.3% liked)
cybersecurity
3249 readers
9 users here now
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Community Rules
- Be kind
- Limit promotional activities
- Non-cybersecurity posts should be redirected to other communities within infosec.pub.
Enjoy!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You're in luck! Cybersec people, for the most part, love sharing what they know/have done with each other. Many believe in freedom of information and find value in open collaboration. We just wanna show you the whacky thing we did with what we had.
The biggest resource I'll share with you is membership with ISAAC. Find whatever category you fit into here and push to get your org membership, if you don't already. This puts you into a huge working group with your industries' peers and they will have all sorts of resources for you to use including discussions, meetings with pros, etc.
There's also SANS who has some free stuff (check their Reading Room) but also has classes (paid, expensive, but veeery worth it imo, again if you can get buy-in)
Outside of the paid membership options, there's still a lot of good options:
MISP is a great threat intel sharing platform, but will require some setup as a product (free && opensource). Take this one slow, you don't want data leakage. Start small and locked down, gradually open up as you gain buy-in/trust/confidence.
Cybrary IT is a free+paid learning platform, good stuff here - lots of diversity including business stuff
OWASP - more so for web-app security, still good knowledge to add to that toolbox
OpenSecurityTraining - heard some good things about this site, I think you may enjoy it - I have not used it myself, but please let me know if you have any problems/reasons you don't like it.
Then there's always the classic CTF/Hack Challenges websites out there which let you get real experience with red-teaming/bolstering your knowledge of attacker TTPs (Techniques, Tactics, Procedures):
HackTheBox - challenges for practicing your skills. No hand-holding, just a sandbox for you to play in. They have academy offerings (paid, and a new service, recommend skipping unless you can get buy in from the company/have a team who would benefit from a bulk-license purchase), regular free boxes to challenge yourself with, etc
TryHackMe - this one is also CTFs but its more so lesson based/training stuff
Heard good things about KC7 as well, seems to be more threat hunting/blue team focused (blue team = defend, red team = attack)
LetsDefend - Free + paid options, more blue team stuff, great for SOCs which may or may not hit your mark.
Hope this helps you out, biggest thing is getting integrated with the community, reading the news (religiously), and managing burn out. Security is an uphill battle, but we roll this boulder for others who cannot. Respect your body and take care of your mental, or you will burn out and scar yourself. LMK if you need anything!
Forgot to mention the NIST Framework, oy vey. This one is pretty good and is an excellent resource, albeit rather scary lookin' on the surface. Very good resource, and will definitely net you some cred in your org.